CPView Utility is built-in and supported only on:

Versions	R77 GA and higher R76SP.50
Operating Systems	Gaia OS / SecurePlatform OS
Products	Security Gateway: R76SP.50, R77, and higher - full monitoring of system resources, software blades, etc. R77.10 and higher - history mode was added R76SP.50 - history mode is not supported Security Management Server: R77 and higher - only monitoring of CPU, Memory and Disk Space R77 and higher - history mode is not supported Multi-Domain Security Management Server: R80.20 - supported from R80.20 Jumbo HFA Take_43 R80.10 - supported from R80.10 Jumbo HFA Take_203 R77.30 - CPView is not supported R77, R77.10, and R77.20 - only monitoring of CPU, Memory, and Disk Space R77, R77.10, and R77.20 - history mode is not supported StandAlone: R77.10 and higher - history mode was added R77 and higher - full monitoring of system resources, software blades, etc.

[Expert@HostName:0]# cpview {-h | --help}

[Expert@HostName:0]# cpview {-t | --history}

[Expert@HostName:0]# cpview {-s | --services} {on | off | stat | export}

Where:

Command	Description
cpview -h cpview --help	Display this help and exit.
cpview -t cpview --history	History mode. In CPview, press the "t" key and and enter the applicable date and time. The format is: [Jan...Dec] [01...31] [4-digit Year] [hh:mm:ss] In R81.10 and higher versions, you can enter a partial date. For example: Jan 02.
cpview -s <option> cpview --services <option>	CPView administration: on Turn on CPView services off Turn off CPView services stat Show CPView services status export Export current CPView data base CPView services are responsible for the Database and SNMP activity.

[Expert@HostName:0]# cpview

[Expert@HostName:0]# cpview --help

[Expert@HostName:0]# cpview -b [-t <sec> [-i <count>] [-j] [-l <filesize>]]

[Expert@HostName:0]# cpview -b -s

[Expert@HostName:0]# cpview -c <conf_file>

[Expert@HostName:0]# cpview history {on | off | stat | export}

[Expert@HostName:0]# cpview -p

[Expert@HostName:0]# cpview -t <timestamp>

Where:

Command	Description
cpview --help	Prints the built-in help.
cpview -b [-t <sec> [-i <count>] [-j] [-l <filesize>] ]	Prints batch statistics data. -t <sec> Sets time interval to <sec> seconds before the new dump info is generated. The value of <sec> must be greater than 30. -i <count> Limits dump info to <count> times. -j Compresses the generated logs after you run the "cpview -b -s" command to stop the instance. -l <filesize> Changes log file size limit to <filesize> MB (default = 1024 MB). In the background, data is dumped into logs saved in the /var/log/cpview/ directory.
cpview -b -s	Stops the "cpview -b" instance that runs in the background.
cpview -c <conf_file>	Loads configuration from <conf_file>.
cpview history {on | off | stat | export}	Controls the CPView History daemon (cpview_historyd): on Starts the CPView History daemon. off Stops the CPView History daemon stat Checks whether the CPView History daemon is activated. export Exports the History database for archiving purposes only. In R77.30, it is available only when R77.30 Jumbo Hotfix is installed.
cpview -p	Prints all CPView views one time.
cpview -t <timestamp>	Shows the history content from the /var/log/CPView_history/CPViewDB.dat file. Shows either the oldest available content, or from a given <timestamp>, where <timestamp> format is: [Jan...Dec] [01...31] [4-digit Year] [hh:mm:ss]

[Expert@HostName:0]# cpview

[Expert@HostName:0]# cpview --help

[Expert@HostName:0]# cpview -c <conf_file>

[Expert@HostName:0]# cpview -d

[Expert@HostName:0]# cpview -b [-t <sec> [-i <count>] [-j] [-l <filesize>]]

[Expert@HostName:0]# cpview -b -s

[Expert@HostName:0]# cpview -p

Where:

Command	Description
cpview --help	Prints the built-in help.
cpview -c <conf_file>	Loads configuration from <conf_file>.
cpview -d	Turns on the CPView debug.
cpview -b [-t <sec> [-i <count>] [-j] [-l <filesize>] ]	Prints batch statistics data. -t <sec> Sets time interval to <sec> seconds before the new dump info is generated. The value of <sec> must be greater than 30. -i <count> Limits dump info to <count> times. -j Compresses the generated logs after you run the "cpview -b -s" command to stop the instance. -l <filesize> Changes log file size limit to <filesize> MB (default = 1024 MB). In the background, data is dumped into logs saved in the /var/log/cpview/ directory.
cpview -b -s	Stops the "cpview -b" instance that runs in the background.
cpview -p	Prints all CPView views once.

• The CPView interface has these sections:

  Section	Description
  Header	Shows the time the statistics shown in the third section (view) were gathered. It is updated every time the statistics are refreshed.
  Navigation	Navigation menus. This bar is interactive. Move between menus using the arrow keys and the mouse. A menu can have sub-menus, which are shown in a bar below the current menu bar.
  View	This section shows the statistics that are gathered in the specific view. These statistics update at an adjustable refresh rate (default refresh rate is 2 seconds).

• Navigation in the CPView interface:

  Key	Description
  Arrow keys	Moves between menus and views and scroll in a view.
  Tab	Goes to the next view (to the right) in the menu. Even in the view mode.
  Shift+Tab	Goes to the next view (to the left) in the menu. Even in the view mode.
  Home	Returns to the Overview view.
  Enter	Switches to the view mode. If currently on a menu with sub-menus, changes focus to the lowest sub-menu to see its views.
  Esc	Returns to the menu mode.
  Q	Quits CPView.
  M	Enables and disables the navigation with the mouse.
  T	In the History mode only (cpview -t / --history): Prompts for the timestamp, to which you wish to move.
  +	In the History mode only (cpview -t / --history): Goes to the next timestamp. The next timestamp is equal to the current timestamp plus the refresh rate (see the "R" key).
  -	In the History mode only (cpview -t / --history): Goes to the previous timestamp. The previous timestamp is equal to the current timestamp minus the refresh rate (see the "R" key).

• Changing the CPView interface:

  Key	Description
  R	Configures the refresh rate (in seconds): In the History mode, set the rate for database snapshots, between 60.0 and 86400.0 (default = 60) In other modes, set the interval for data collection, between 0.1 and 86400.0 (default = 2).
  Space	Immediately refreshes the statistics in the current view.
  W	Switches between the wide display mode and normal display mode. In the wide display mode, CPView stretches to fit the entire screen horizontally.
  S	Configures set the number or rows and columns in the output.
  P	Pauses and resumes the collection of statistics.

• Additional operations in the CPView interface:

  Key	Description
  H	Shows the built-in help with the CPView options.
  C	Saves the current page to a file in the current working directory. The file name format is: cpview_<PID of CPView process>.cap<Number of Capture> Example: cpview_20969.cap0 cpview_20969.cap1 cpview_20969.cap2

• The CPView Utility functionality is provided through the shell script /bin/cpview_start.sh, which calls the main daemon cpviewd

  • In R76SP.50, R77.30 and higher:

    $CPDIR/bin/cpviewd

  • In R77.20, R77.10, and R77:

    • $FWDIR/bin/cpviewd
    • $CPDIR/bin/cpview_historyd
      (the history daemon on Security Gateway, if the history mode is set to "on")

• Output of the 'cpwd_admin list' command shows the CPView Utility as CPVIEWD.

  Example:

  [Expert@HostName]# cpwd_admin list | grep -E "PID|CPVIEWD"
  APP        PID    STAT  #START  START_TIME             MON  COMMAND
  CPVIEWD    9732   E     1       [10:43:08] 12/1/2015   N    cpviewd
  

• Output of the 'cpwd_admin list' command shows the CPView Utility History Daemon as HISTORYD (use the 'cpview history on | off | stat' commands).

  Example:

  [Expert@HostName]# cpwd_admin list | grep -E "PID|HISTORYD"
  APP        PID    STAT  #START  START_TIME             MON  COMMAND
  HISTORYD   8792   E     1       [10:42:05] 12/1/2015   N    cpview_historyd
  

• To restart the CPView Utility ('cpviewd') using the 'cpwd_admin' command:

  1. Stop the CPView Utility ('cpviewd'):

     [Expert@HostName]# cpwd_admin stop -name CPVIEWD

  2. Turn off the CPview service / history daemon:

     • On R80.30 and higher, run:

       [Expert@Hostname]# cpview -s off

     • On R80.20 and lower, run:

       [Expert@Hostname]# cpview history off

  3. Start the CPView Utility ('cpviewd'):

     • On R76SP.50, R77.30 and higher, run:

       [Expert@HostName]# cpwd_admin start -name CPVIEWD -path "$CPDIR/bin/cpviewd" -command "cpviewd"

     • On R77.20, R77.10, and R77, run:

       [Expert@HostName]# cpwd_admin start -name CPVIEWD -path "$FWDIR/bin/cpviewd" -command "cpviewd"

  4. Turn on the CPview service / history daemon:

     • On R80.30 and higher, run:

       [Expert@Hostname]# cpview -s on

     • On R80.20 and lower, run:

       [Expert@Hostname]# cpview history on

Configuration / View	Limitations
All servers running Gaia OS	When the cpview command is executed several times in parallel (for example when 2 or more administrators are running it in parallel), data inconsistency may occur. Example: data is zeroed every few seconds.
Security Gateway	History Mode is not supported in R77 GA (feature was added only in R77.10). History Mode is not supported in R76SP.50 (GA Take 84).
VSX Gateway	When running the "cpview" command in Gaia Clish, the CPView shows only partial data in VSX contexts other than VS0 (the VSX Gateway). To see all data for a VSX context in the CPView: Connect to the command line on the VSX Gateway. Log in to the Expert mode. Go to the VSX context: vsenv <VS ID> Run the CPView: cpview R80.30 and lower versions: The History Mode is not fully supported - only the information from the context of VSX machine itself (VS0) is recorded. R77.20 and lower versions: "SysInfo" view always shows "Platform Gaia 32Bit", even when running 64-bit kernel (issue was resolved in R77.30).
Security Management Server (does not apply to StandAlone)	History Mode is not supported. This is by design.
Multi-Domain Security Management Server	Refer to Supported Deployments for the supported Multi-Domain deployments.
The "Top Protocols" shows "TCP:1024" as a high use protocol/service	This is by design. TCP:1024 represents all TCP high ports - TCP ports above 1024.
Gaia Embedded OS	1800 / 1600 / 1400 / 1200R/ 1100 / 700 / 600 / Series-80 appliances are not supported.
X-Series XOS	X-Series appliances are not supported.
CPView History file that was collected on another machine	The time presented in the CPview history is according to the time/timezone of the target machine, on which you open the CPview history file. If you need to see the exact timestamps of the source machine, then before loading the source CPView history data, change the timezone on your target machine to match the timezone of the source machine.
Screen colors in SSH Client	Some SSH clients support the customizations of the screen colors. Because CPView uses escape characters to create graphic effects, you should not change the screen colors in your SSH client.

• The History database is saved in:

  Version	Location
  R80.40 and higher	$CPDIR/log/cpview_services/cpview_services.dat
  R80.30, R80.20, R80.10, and R77.30	/var/log/CPView_history/CPViewDB.dat

• The History Mode saves the data for 30 days, unless the available space in /var/log/ is less than 512 MB

• Throughput displayed in Gaia Portal is much higher (approximately twice as much) than the throughput displayed in CPView Utility.

  • CPView Utility - Overview tab - section Traffic counters - counter Throughput

    The throughput data is obtained directly from the hardware.
    The total throughput is a sum of all throughput counters in each path (Fast Path, Medium Path, and Slow Path).

  • Gaia Portal - Overview pane - widget Throughput

    The throughput data is a sum of both Incoming and Outgoing traffic (sum of the RX packets and TX packets from /proc/net/dev).
    Packets are counted form all interfaces.
    If a packet passes through Slow Path (F2F), it will be counted twice.

  Example:

  

Version	What's New
R81.20	In the 'Advanced' category, the new tab 'Logging'
R81.10	Added the option to disable CPView and enable it again from the command line: To disable CPView, run in the Expert mode: kill -SIGUSR1 $(pidof cpviewd) To enable the CPView again, run in the Expert mode: cpviewd enable
R80.30	The syntax to work with the history database was changed from "cpview -t <timestamp>" to "cpview -t": Run: cpview -t In CPView history, press the "t" key. Enter the applicable date and time and press Enter.
R80.10	New view in CPView - Mail Statistics related to Threat Emulation MTA: Number of e-mails in MTA queue (Software-blades -> Threat-Emulation -> MTA -> Queues) Mails Received / Processed / Modified / Deferred / Blocked / Skipped / Failed (Software-blades -> Threat-Emulation -> MTA -> Monitoring) For details, refer to sk109699 - ATRG: Mail Transfer Agent (MTA) section "(7) CPView integration".
R77.30	New views in CPView for more accurate and detailed analysis on a Security Gateway: Top protocols by throughput (Network -> Top-Protocols) Top connections by throughput (Network -> Top-Connections) Top protocols by CPU (I/S -> CPU -> Top-Protocols) Top connections by CPU (I/S -> CPU -> Top-Connections) Note: The mode of the Firewall Priority Queues on Security Gateway should be set to "1" (CPU Connections Statistics) - refer to sk105762 - section "(IV-B) Monitoring - Evaluation of Heavy Connections" Software-blades package updates information (Software-blades -> Overview) - displays information on last update time and package number for IPS, Anti-Virus, Anti-Bot, and Application Control blades. Threat-Extraction blade overview (Software-blades -> Threat-Extraction) CPView daemon "cpviewd" was moved from $FWDIR/bin/ to $CPDIR/bin/

Output on a Management Server

Note - In a Global Domain of a Multi-Domain Security Management Server, the "Log-Rates" and "Indexer-Rates" tabs show an aggregation of the rates from other Domains. The "Exporter-Rates" tab shows the data for the Global Domain only.

Advanced > Logging > Log-Rates

Metric	Type	Refresh Rate	Comment
Log Receive Rate (Log Rate)	Number	10 seconds	Average log rate received by a Log Server.
Log Receive Rate Last 10 Minutes	Number	10 minutes	Average log rate received by a Log Server during the last 10 minutes.
Log Receive Rate 1 Hour	Number	1 hour	Average log rate received by a Log Server during the last 1 hour.
Log Receive Rate Peak (Since last restart)	Number	10 seconds	Peak average log rate received by a Log Server since the last start of Check Point services.

Advanced > Logging > Indexer-Rates

Metric	Type	Refresh Rate	Comment
Log Reading Rate	Number	10 seconds	Average number of received logs by an Indexer per second.
Log Indexing Rate	Number	10 seconds	Average number of indexed logs by an Indexer per second.

Advanced > Logging > Exporter-Rates

Metric	Type	Refresh Rate	Comment
Name	Text	10 seconds	Name of a configured Log Exporter instance
Log Exporting Rate	Number	10 seconds	Average number of exported logs

Output on a Security Gateway

Advanced > Logging > Log-Rates

Metric	Type	Refresh Rate	Comment
Generated Log Rate	Number	10 seconds	Average number of logs being generated by this Security Gateway / Cluster Member per second.
Local Logging Rate	Number	10 seconds	Average number of logs being saved locally by this Security Gateway / Cluster Member per second.
IP	Text	10 seconds	IP address of a Log Server, to which this Security Gateway / Cluster Member sends its logs.
Log Sending Rate	Number	10 seconds	Average number of logs this Security Gateway / Cluster Member sends to its Log Server per second.

#	Symptoms	Root Cause	Next Steps
1	Output of the "cpview -t" command only shows "CPView: History is initializing". Example: [Expert@MyGW:0]# cpview -t CPView: History is initializing [Expert@MyGW:0]#	Very old history database. CPView service searches for the most recent timestamp in the history database when it starts. A very old history database might cause this query to fail. As a result, CPView service might fail to start.	If a listed troubleshooting step does not help, proceed to the next one. Make sure the /var/log partition is not full: [Expert@MyGW:0]# df -h If it is full, then delete (transfer to an external storage) all unnecessary files. Restart the CPView service: [Expert@MyGW:0]# cpview -s off [Expert@MyGW:0]# cpview -s on [Expert@MyGW:0]# cpview -s stat Remove the current history database: Stop the CPView service: [Expert@MyGW:0]# cpview -s off Back up the current history database: [Expert@MyGW:0]# mkdir -v /var/log/cpview_history_database [Expert@MyGW:0]# mv -v $CPDIR/log/cpview_services/* /var/log/cpview_history_database Start the CPView service: [Expert@MyGW:0]# cpview -s on [Expert@MyGW:0]# cpview -s stat